github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Creative Commons Attribution 4.0 International

[GHSA-8vhq-qq4p-grq3] OS Command Injection in Plexus-utils #4502

Closed SunBK201 closed 1 day ago

SunBK201 commented 1 month ago

Updates

Comments

According to Patch, this vulnerability was introduced from 1.4.1.

shelbyc commented 1 month ago

Hi @SunBK201, I was unable to find anything at https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41 that indicates org.codehaus.plexus:plexus-utils first became vulnerable in version 1.4.1. Are there other commits that you examined to reach this conclusion?